Php-addslashes, mysql_escape_string, mysql_real_escepe_string reference:
Http://hi.baidu.com/catro/blog/item/c9e153e7e40f2f24b9382092.html
Http://hi.baidu.com/devel83/blog/item/c367e781f026308af603a6d2.html
Http://hi.baidu.com/nathena/blog/item/498655137ec83bd7f6039e06.html
Start with the PHP Manual ..
In the manual, the characters escaped by addslashes are single quotation marks ('), double quotation marks ("), backslash (\), and NUL (NULL ).
Mysql_real_escape_string escape characters are not mentioned.
Note: mysql_real_escape_string () does not escape % and _
Directly calling the MySql c api. mysql_real_escape_string ()..
Note that before calling the mysql_real_escape_string API, this function first checks whether the database is connected.
CHECK_LINK (id); // This is the sentence
So this means that mysql_real_escape_string must be connected to the database before use
You can also use addslashes later. you can forget mysql_real_escape_string.
-------------------------
Summary:
Addslashes () is forcibly added;
Mysql_escape_string does not consider the connected current character set.
Mysql_real_escape_string () determines the character set, but requires the PHP version. functions are used to escape special characters in SQL statements. this method must be used after connecting to the database.